A new phishing campaign targeting insurance companies has been detected by researchers. The phishing messages attempt to steal Instagram login credentials by threatening to shut the account down. The message also claims that the user receiving the notice reportedly shared fake content on the social media platform. The phishing campaign using the guise of Instagram support is not uncommon, according to researchers. This one was launched against a prominent US life insurance company headquartered in New York.
On Wednesday, Armorblox released an an analysis of the campaign, stating that combining brand impersonation with social engineering tactics made for a convincing email. In addition, the phishers managed to bypass Google’s email security by using a valid domain name. Therefore, the illegitimate message was delivered to thousands of employees. The email used in the phishing attempt was disguised as an alert created to forge a sense of urgency, a popular technique among phishing campaigns. The email offered recipients 24 hours to log in and restore their account before it was permanently deleted. Those who did so had their credentials stolen.
Read More: Phony Instagram ‘Support Staff’ Emails Hit Insurance Company